How Services expose ports, and how kube-proxy proxies them


1. How Kubernetes exposes ports

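ClusterIP
This type provides a virtual IP that is internal to the cluster (on a different network segment from the pods) and is used for communication between pods inside the cluster. ClusterIP is also the default Kubernetes Service type.
It relies on the following components working together:
apiserver: when a Service is created, the apiserver receives the request and stores the data in etcd.
kube-proxy: this process runs on every k8s node and implements the Service function. It watches for changes to Services and pods and writes those changes into the local iptables.
iptables: uses NAT and related techniques to forward traffic for the virtual IP to the endpoints.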

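NodePort
In addition to the cluster IP, NodePort mode maps the Service's port to a designated internal port on every node; the mapped port is the same on each node. Because a port is exposed on every node, the service can be reached at nodeIP + nodePort, and it still has its ClusterIP-style ip + port. Inside the cluster it is accessed through the cluster IP; from outside it is accessed through the NodePort.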

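LoadBalancer
LoadBalancer builds on NodePort: k8s can ask the underlying cloud platform to create a load balancer that uses every node as a backend and distributes traffic to the service. This mode requires support from the underlying cloud platform (for example GCE).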

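Ingress
Ingress is an HTTP routing and forwarding mechanism made up of an Ingress controller and an HTTP proxy server. The Ingress controller instance watches the Kubernetes API and updates the HTTP proxy server's forwarding rules in real time. HTTP proxy servers include GCE load-balancer, haproxy, nginx and other open-source options.

A Service is an abstraction that defines a logical set of pods belonging to one service and a policy for accessing them; a Service is commonly referred to as a microservice. For example, service a runs 3 pods. How does service b reach a's pods, when pod IPs are not persistent and change after a restart? Service b can instead access the Service bound to service a. The Service's information is fixed and only needs to be given to b in advance. The Service is bound to a's pods through a Label Selector, so however a's pods change, it is transparent to b.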

2. Proxy modes

Every node in a k8s cluster runs a kube-proxy component. kube-proxy is a proxy layer that implements Services. kube-proxy has two proxy modes:

Proxy mode: userspace

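When a client accesses the Service IP (clusterIP), the request first goes from user space to iptables in the kernel and then back to kube-proxy in user space; kube-proxy does the proxying.
For each Service, kube-proxy opens a random proxy port on the node. iptables captures traffic to the port (targetPort) on the clusterIP and redirects it to the proxy port; any connection to the proxy port is proxied to one of the Service's backend pods. By default the backend pod is chosen round-robin.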

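Proxy mode: iptables

When a client accesses the Service IP (clusterIP), iptables redirects the request directly to a backend. In detail: for each Service, kube-proxy generates a set of iptables rules; iptables captures traffic to the port (targetPort) on the clusterIP and redirects it to one of the backend pods. By default the pod is chosen at random.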

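Before Kubernetes v1.2 the default was userspace; after that it is iptables mode. iptables mode performs better and is more reliable, but it depends on health checks: without a health check, if a pod does not respond, iptables mode does not switch to another pod.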
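
The random pod selection and the health-check dependency described above can be modelled in a few lines. This is an added example, not code from the original article or from kube-proxy: it reproduces the 1/n, 1/(n-1), ..., 1 match probabilities that kube-proxy's iptables rules use for n endpoints, and the pod IPs are constructed sample values.

```python
import random
from fractions import Fraction

# Constructed sample: pod IP -> does the pod answer requests?
PODS = {"10.244.1.10": True, "10.244.1.11": True, "10.244.2.12": False}

def rule_probabilities(n):
    """Match probability of each per-endpoint rule, in rule order.

    Rule i is only evaluated when rules 0..i-1 did not match, so it uses
    1/(n-i); the last rule always matches.
    """
    return [Fraction(1, n - i) for i in range(n)]

def endpoint_shares(n):
    """Overall share of new connections that each endpoint receives."""
    shares, unmatched = [], Fraction(1)
    for p in rule_probabilities(n):
        shares.append(unmatched * p)
        unmatched *= 1 - p
    return shares

def pick(endpoints, rng):
    """Walk the rules top-down for one new connection."""
    for endpoint, p in zip(endpoints, rule_probabilities(len(endpoints))):
        if rng.random() < p:
            return endpoint

def failed_fraction(pods, readiness_probe, trials=30000, seed=1):
    """Fraction of new connections that land on a pod that does not answer.

    With a readiness probe the failing pod is dropped from the endpoint
    list; without one it stays, and nothing retries another pod.
    """
    endpoints = [ip for ip, ok in pods.items() if ok or not readiness_probe]
    rng = random.Random(seed)
    failed = sum(not pods[pick(endpoints, rng)] for _ in range(trials))
    return failed / trials

if __name__ == "__main__":
    print("rule probabilities:", [str(p) for p in rule_probabilities(3)])
    print("share per endpoint:", [str(s) for s in endpoint_shares(3)])
    print("failed, no probe:  ", failed_fraction(PODS, readiness_probe=False))
    print("failed, with probe:", failed_fraction(PODS, readiness_probe=True))
```

Without a readiness probe roughly one connection in three is sent to the dead pod, which is why every Deployment behind a Service should define one.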

3. Service types

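  • ClusterIP: the default mode; reachable only from inside the cluster.
  • NodePort: every node listens on the same port number (30000-32767); the ClusterIP and routing rules are created automatically.
  • LoadBalancer: uses an external load balancer. It is really a NodePort as well, except that : is automatically added to the public cloud's load balancer.
  • ExternalName: creates a DNS alias that points to the service name, mainly to guard against the service name changing; it has to be used together with a DNS add-on.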

4. Examples

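1) Create a Deployment with 3 replicas, then perform a rolling update of the image version and record the update, and finally roll back to the previous version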

[root@master test]# cat deployment.yml 
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: httpd2
  name: httpd2
spec:
  replicas: 3
  selector:
    matchLabels:
      app: httpd2
  template:
    metadata:
      labels:
        app: httpd2
    spec:
      containers:
      - image: 3199560936/httpd:v0.4
        name: httpd2
---
apiVersion: v1
kind: Service
metadata:
  name: httpd2
spec:
  ports:
  - port: 80
    targetPort: 80
  selector:
    app: httpd2
[root@master test]# 

Create the pods from the Deployment

[root@master test]# kubectl apply -f deployment.yml 
deployment.apps/httpd2 created
service/httpd2 created
[root@master test]# 

Check

[root@master test]# kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
httpd2-fd86fb676-f9zjf   1/1     Running   0          16s
httpd2-fd86fb676-hzq27   1/1     Running   0          16s
httpd2-fd86fb676-p94c8   1/1     Running   0          16s
[root@master test]# 

Upgrade

Format: kubectl set image deployment.apps/{deployment name} {container name}={image name}:{version}
[root@master test]# kubectl set image deploy/httpd2 httpd2=httpd:v0.4
deployment.apps/httpd2 image updated
[root@master test]# 

Check whether the upgrade is in progress

[root@master test]# kubectl get pods
NAME                      READY   STATUS              RESTARTS   AGE
httpd2-84644f7fbb-td5k9   0/1     ContainerCreating   0          8s
httpd2-fd86fb676-f9zjf    1/1     Running             0          54s
httpd2-fd86fb676-hzq27    1/1     Running             0          54s
httpd2-fd86fb676-p94c8    1/1     Running             0          54s
[root@master test]# 
[root@master test]# kubectl get deployment
NAME     READY   UP-TO-DATE   AVAILABLE   AGE
httpd2   3/3     1            3           85s
[root@master test]# 

Roll back

By default, a Deployment's rollout history is kept in the system so that you can roll back at any time. View the Deployment's rollout history:

[root@master test]# kubectl rollout history deployment httpd2
deployment.apps/httpd2 
REVISION  CHANGE-CAUSE
1         <none>
2         <none>

[root@master test]# 

View a revision

[root@master ~]# kubectl rollout history deployment httpd2 --revision=2
deployment.apps/httpd2 with revision #2
Pod Template:
  Labels:       app=httpd2
        pod-template-hash=84644f7fbb
  Containers:
   httpd2:
    Image:      httpd:v0.4
    Port:       <none>
    Host Port:  <none>
    Environment:        <none>
    Mounts:     <none>
  Volumes:      <none>

[root@master ~]# 

Roll back to the previous version

[root@master ~]# kubectl rollout undo deployment httpd2 --to-revision=1
deployment.apps/httpd2 rolled back
[root@master ~]# 

Check

[root@master ~]# kubectl rollout history deployment httpd2
deployment.apps/httpd2 
REVISION  CHANGE-CAUSE
2         <none>
3         <none>

[root@master ~]# 

2) Scale an application to 3 replicas

[root@master ~]# kubectl scale deploy/httpd2 --replicas=3
deployment.apps/httpd2 scaled
[root@master ~]# 
[root@master ~]# kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
httpd2-fd86fb676-f9zjf   1/1     Running   0          6m10s
httpd2-fd86fb676-hzq27   1/1     Running   0          6m10s
httpd2-fd86fb676-p94c8   1/1     Running   0          6m10s
[root@master ~]# 

3) Create a pod that runs 3 containers: nginx, redis and memcached

[root@master test]# cat test.yml 
apiVersion: v1
kind: Pod
metadata:
  name: test
  labels:
    app: test01
spec:
  containers:
  - image: nginx
    name: nginx
  - image: redis
    name: redis
  - image: memcached
    name: memcached
[root@master test]# 

Create

[root@master test]# kubectl apply -f test.yml 
pod/test created
[root@master test]# 

Check

[root@master test]# kubectl get pod
NAME                     READY   STATUS    RESTARTS   AGE
httpd2-fd86fb676-f9zjf   1/1     Running   0          9m8s
httpd2-fd86fb676-hzq27   1/1     Running   0          9m8s
httpd2-fd86fb676-p94c8   1/1     Running   0          9m8s
test                     3/3     Running   0          89s
[root@master test]# 

4) Create a Service for a pod and access it through ClusterIP/NodePort

[root@master test]# cat service.yml 
---
apiVersion: v1
kind: Pod
metadata:
  name: sb
  labels:
    app: sb1314
spec:
  containers:
  - image: nginx
    name: nginx

---
apiVersion: v1
kind: Service
metadata:
  name: nginx
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: sb1314
  type: NodePort
[root@master test]# 

Create

[root@master test]# kubectl apply -f service.yml 
pod/sb created
service/nginx created
[root@master test]#

Check

[root@master test]# kubectl get deploy,pod,svc
NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/httpd2   3/3     3            3           11m

NAME                         READY   STATUS    RESTARTS   AGE
pod/httpd2-fd86fb676-f9zjf   1/1     Running   0          11m
pod/httpd2-fd86fb676-hzq27   1/1     Running   0          11m
pod/httpd2-fd86fb676-p94c8   1/1     Running   0          11m
pod/sb                       1/1     Running   0          36s
pod/test                     3/3     Running   0          4m13s

NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
service/httpd2       ClusterIP   10.99.116.85     <none>        80/TCP         11m
service/kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP        26m
service/nginx        NodePort    10.100.100.175   <none>        80:31326/TCP   36s
[root@master test]# 

Access via ClusterIP

[root@master test]# curl 10.100.100.175
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master test]# 

Access via NodePort

[root@master test]# curl 192.168.100.169:31326
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
[root@master test]# 
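
The nginx Service above answers on port 31326 of every node, so it is worth listing which Services in a cluster are reachable from outside. The audit below is an added example, not part of the original article: it reads output shaped like `kubectl get svc -o json`; the embedded sample is constructed from the Service listing above, and the `web-lb` entry is hypothetical.

```python
import json
import sys

# Constructed sample shaped like `kubectl get svc -o json`. The first three
# entries mirror the Services listed above; "web-lb" is hypothetical.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"namespace": "default", "name": "httpd2"},
  "spec": {"type": "ClusterIP", "clusterIP": "10.99.116.85",
           "ports": [{"port": 80}]}},
 {"metadata": {"namespace": "default", "name": "kubernetes"},
  "spec": {"type": "ClusterIP", "clusterIP": "10.96.0.1",
           "ports": [{"port": 443}]}},
 {"metadata": {"namespace": "default", "name": "nginx"},
  "spec": {"type": "NodePort", "clusterIP": "10.100.100.175",
           "ports": [{"port": 80, "nodePort": 31326}]}},
 {"metadata": {"namespace": "default", "name": "web-lb"},
  "spec": {"type": "LoadBalancer", "clusterIP": "10.100.0.50",
           "ports": [{"port": 443, "nodePort": 30443}]}}
]}""")

def externally_reachable(svc_list):
    """List every Service port that accepts traffic from outside the cluster."""
    findings = []
    for svc in svc_list["items"]:
        meta, spec = svc["metadata"], svc["spec"]
        stype = spec.get("type", "ClusterIP")      # ClusterIP is the default
        if stype not in ("NodePort", "LoadBalancer"):
            continue                                # cluster-internal only
        for port in spec.get("ports", []):
            findings.append({
                "service": f'{meta["namespace"]}/{meta["name"]}',
                "type": stype,
                # the same port is opened on every node, not only where pods run
                "node_port": port.get("nodePort"),
                "service_port": port["port"],
                # LoadBalancer only: empty means no source restriction is set
                "source_ranges": spec.get("loadBalancerSourceRanges", []),
            })
    return findings

if __name__ == "__main__":
    # Real use: kubectl get svc -A -o json | python3 audit_svc.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for finding in externally_reachable(data):
        print(finding)
```

Each finding is a port that node firewalls or cloud security groups have to account for; Services that only serve other pods should stay ClusterIP.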

5) Create a Deployment and a Service, and use nslookup in a busybox container to resolve the Service

[root@master test]# kubectl run busybox  --image=busybox:1.28.4 -- sleep 9000
pod/busybox created
[root@master test]# 

Check

[root@master test]# kubectl get pods
NAME                     READY   STATUS              RESTARTS   AGE
busybox                  0/1     ContainerCreating   0          13s
httpd2-fd86fb676-f9zjf   1/1     Running             0          15m
httpd2-fd86fb676-hzq27   1/1     Running             0          15m
httpd2-fd86fb676-p94c8   1/1     Running             0          15m
sb                       1/1     Running             0          3m49s
test                     3/3     Running             0          7m26s
[root@master test]# 
[root@master test]# kubectl exec -it busybox -- /bin/sh
/ # nslookup kubernetes
Server:    10.96.0.10
Address 1: 10.96.0.10 kube-dns.kube-system.svc.cluster.local

Name:      kubernetes
Address 1: 10.96.0.1 kubernetes.default.svc.cluster.local
/ # 
/ # exit
[root@master test]# 